Free Decryption Tools to Retrieve Files Encrypted by Ransomware

Ransomware is an evil malware that encrypts the victim’s files and then requests payment in return for the key to decrypt the encrypted data. Initially popular in Russia, the use of ransomware has grown internationally and has gone mainstream with several high-profile attacks. While many victims are paying the ransom trying to get their data back, many security firms have been working hard on the solutions to stop this cyber criminal.

AVG Virus Lab recently released six free decryption tools for recent ransomware strains. Good news for the victims of these six kinds of ransomware because they can take back what’s theirs without paying a cent to the criminals.

Before you run these tools to recover your data, it’s recommended you run a full scan of the infected computer and back up the encrypted files to an external storage so you can do the decryption on an uninfected computer. You will also need to identify the strain that causes the problem, and run the appropriate decryption tool.

Apocalypse

The Apocalypse ransomware appends “.encrypted”, “.locked”, or “.SecureCrypted” to names of encrypted files and creates ransom messages in files with extensions “.How_To_Decrypt.txt”, “.README.Txt”, or “.Contact_Here_To_Recover_Your_Files.txt”.

TeleCrypt

A new ransomware, TeleCrypt appeared recently carrying some new ideas. While most ransomware communicates with their C&C over simple HTTP-based protocols, Telecrypt abuses for this purpose the API of a popular messenger, Telegram.

Fortunately, the encryption used in this ransomware wasn’t strong and the engineer at Malwarebytes was able to develop a decryption tool allowing the victims to recover their files without paying the ransom.

A few words

Obviously, the tools listed here won’t be able to cover all of the variations of the ransomware family. In fact, it’s still hopeless if you are hit by one of the top 3 ransomware in the wild today. But it’s a start. We intend to keep this post up-to-date as new decryption tools made available to the public. And if you know something that is not listed here, please share them in the comment.

The more details about the ransomware, check out this new website called No More Ransom.